#shadowit — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #shadowit, aggregated by home.social.
-
3/3
This is a supply chain story dressed as a CVE. The ecosystem was built too fast. Security assumed it would catch up. It hasn't.
Digital sovereignty without perimeter defence is just security theatre. If you're running MCP servers and you skip the proxy because 'it adds complexity,' you've already lost.
https://haunted.lighthouse.co.im/articles/badhost-mcp-sovereignty/
#BadHost #CVE202648710 #Starlette #FastAPI #MCP #SupplyChain #CyberSecurity #DigitalSovereignty #ShadowIT #Architecture
-
Did you already listen to our latest episode "Sleep Mode in Production" ?
A warehouse suddenly stopped operating — not because of a cyberattack, but because a laptop entered sleep mode.
A known system solved a real business problem, made its way into production, skipped a few operational questions… and eventually became more critical than anyone expected.
Listen now: https://ithorrorstories.eu/#ep14
#technology #IT #ShadowIT #DevOps #Infrastructure #Podcast #ITHorrorStories
-
Did you already listen to our latest episode "Sleep Mode in Production" ?
A warehouse suddenly stopped operating — not because of a cyberattack, but because a laptop entered sleep mode.
A known system solved a real business problem, made its way into production, skipped a few operational questions… and eventually became more critical than anyone expected.
Listen now: https://ithorrorstories.eu/#ep14
#technology #IT #ShadowIT #DevOps #Infrastructure #Podcast #ITHorrorStories
-
Did you already listen to our latest episode "Sleep Mode in Production" ?
A warehouse suddenly stopped operating — not because of a cyberattack, but because a laptop entered sleep mode.
A known system solved a real business problem, made its way into production, skipped a few operational questions… and eventually became more critical than anyone expected.
Listen now: https://ithorrorstories.eu/#ep14
#technology #IT #ShadowIT #DevOps #Infrastructure #Podcast #ITHorrorStories
-
Did you already listen to our latest episode "Sleep Mode in Production" ?
A warehouse suddenly stopped operating — not because of a cyberattack, but because a laptop entered sleep mode.
A known system solved a real business problem, made its way into production, skipped a few operational questions… and eventually became more critical than anyone expected.
Listen now: https://ithorrorstories.eu/#ep14
#technology #IT #ShadowIT #DevOps #Infrastructure #Podcast #ITHorrorStories
-
Did you already listen to our latest episode "Sleep Mode in Production" ?
A warehouse suddenly stopped operating — not because of a cyberattack, but because a laptop entered sleep mode.
A known system solved a real business problem, made its way into production, skipped a few operational questions… and eventually became more critical than anyone expected.
Listen now: https://ithorrorstories.eu/#ep14
#technology #IT #ShadowIT #DevOps #Infrastructure #Podcast #ITHorrorStories
-
https://www.europesays.com/britain/40793/ UK senior leaders more likely to use Shadow AI tools #AIEthics&Governance #ArtificialIntelligence(AI) #ChangeManagement #Cybersecurity #Data/Privacy #DataProtection #DataSecurity #DigitalTransformation #GenerativeAI(GenAI) #OrganisationalCulture #RiskManagement #ShadowIT #UK #UnitedKingdom #UnitedKingdom(UK) #UnitedStates(US) #WorkplaceCulture
-
New episode: Sleep Mode in Production.
A warehouse outage caused by a laptop entering sleep mode sounds ridiculous… until you realize it really can happen.
Shadow IT, missing operational checks, and “temporary” solutions reaching production.
Find all links to listen on our website : https://ithorrorstories.eu/#ep14
Spotify : https://open.spotify.com/show/7LqbtykS0IQctSCucvQVHW
Apple Music : https://podcasts.apple.com/us/podcast/it-horror-stories-with-jack-smith/id1812612272
YouTube : https://music.youtube.com/playlist?list=PL9A9yzpnkOdVQvmFjgTsZRrE-zDCuIVcX
Deezer : https://link.deezer.com/s/30dyH3RoKvN8N24zgsbhj#technology #ShadowIT #DevOps #ITOperations #ITHorrorStories
-
New episode: Sleep Mode in Production.
A warehouse outage caused by a laptop entering sleep mode sounds ridiculous… until you realize it really can happen.
Shadow IT, missing operational checks, and “temporary” solutions reaching production.
Find all links to listen on our website : https://ithorrorstories.eu/#ep14
Spotify : https://open.spotify.com/show/7LqbtykS0IQctSCucvQVHW
Apple Music : https://podcasts.apple.com/us/podcast/it-horror-stories-with-jack-smith/id1812612272
YouTube : https://music.youtube.com/playlist?list=PL9A9yzpnkOdVQvmFjgTsZRrE-zDCuIVcX
Deezer : https://link.deezer.com/s/30dyH3RoKvN8N24zgsbhj#technology #ShadowIT #DevOps #ITOperations #ITHorrorStories
-
New episode: Sleep Mode in Production.
A warehouse outage caused by a laptop entering sleep mode sounds ridiculous… until you realize it really can happen.
Shadow IT, missing operational checks, and “temporary” solutions reaching production.
Find all links to listen on our website : https://ithorrorstories.eu/#ep14
Spotify : https://open.spotify.com/show/7LqbtykS0IQctSCucvQVHW
Apple Music : https://podcasts.apple.com/us/podcast/it-horror-stories-with-jack-smith/id1812612272
YouTube : https://music.youtube.com/playlist?list=PL9A9yzpnkOdVQvmFjgTsZRrE-zDCuIVcX
Deezer : https://link.deezer.com/s/30dyH3RoKvN8N24zgsbhj#technology #ShadowIT #DevOps #ITOperations #ITHorrorStories
-
New episode: Sleep Mode in Production.
A warehouse outage caused by a laptop entering sleep mode sounds ridiculous… until you realize it really can happen.
Shadow IT, missing operational checks, and “temporary” solutions reaching production.
Find all links to listen on our website : https://ithorrorstories.eu/#ep14
Spotify : https://open.spotify.com/show/7LqbtykS0IQctSCucvQVHW
Apple Music : https://podcasts.apple.com/us/podcast/it-horror-stories-with-jack-smith/id1812612272
YouTube : https://music.youtube.com/playlist?list=PL9A9yzpnkOdVQvmFjgTsZRrE-zDCuIVcX
Deezer : https://link.deezer.com/s/30dyH3RoKvN8N24zgsbhj#technology #ShadowIT #DevOps #ITOperations #ITHorrorStories
-
New episode: Sleep Mode in Production.
A warehouse outage caused by a laptop entering sleep mode sounds ridiculous… until you realize it really can happen.
Shadow IT, missing operational checks, and “temporary” solutions reaching production.
Find all links to listen on our website : https://ithorrorstories.eu/#ep14
Spotify : https://open.spotify.com/show/7LqbtykS0IQctSCucvQVHW
Apple Music : https://podcasts.apple.com/us/podcast/it-horror-stories-with-jack-smith/id1812612272
YouTube : https://music.youtube.com/playlist?list=PL9A9yzpnkOdVQvmFjgTsZRrE-zDCuIVcX
Deezer : https://link.deezer.com/s/30dyH3RoKvN8N24zgsbhj#technology #ShadowIT #DevOps #ITOperations #ITHorrorStories
-
https://www.europesays.com/britain/31676/ UK firms urged to track hidden cyber attack surface #ApplicationInfrastructure #ApplicationProgrammingInterface(API) #AssetDiscovery #AttackSurfaceManagement #Cloud #CloudSecurity #CyberAttacks #Cybersecurity #DarkWeb #DataBreach #DigitalFootprint #DigitalTransformation #EnterpriseSecurity #ExternalAttackSurfaceManagement #Infosec #OpenSource #Phishing #ShadowIT #SupplyChain #SupplyChainSecurity #ThreatLandscape #UK #UnitedKingdom #UnitedKingdom(UK)
-
Enterprises claim visibility into AI but over half have shadow usage fears #ArtificialIntelligence #ShadowIT
-
A recent Pentagon vendor cutoff exposed how many enterprises silently rely on hidden AI tools—think Claude, SDKs, and automated agents tucked away in Shadow IT. The fallout raises urgent questions about security, compliance, and true AI independence. Dive into the details to see what your organization might be missing. #AIDependencies #PentagonVendor #ShadowIT #EnterpriseSecurity
🔗 https://aidailypost.com/news/pentagon-vendor-cutoff-reveals-hidden-ai-dependencies-enterprises-lack
-
Is your "strategy" just a collection of manual spreadsheets? We call this Shadow Data Collapse. When the one person who understands the macros leaves, your "insights" go with them. Stop managing liabilities and start fixing the process.
Measure your friction before the collapse:
https://shaolindataservices.com/#diagnostic#DataStrategy #ShadowIT #Ops #ShaolinData #Analytics
-
Is your "strategy" just a collection of manual spreadsheets? We call this Shadow Data Collapse. When the one person who understands the macros leaves, your "insights" go with them. Stop managing liabilities and start fixing the process.
Measure your friction before the collapse:
https://shaolindataservices.com/#diagnostic#DataStrategy #ShadowIT #Ops #ShaolinData #Analytics
-
OpenClaw just hit 160 000 ⭐ on GitHub, showing how shadow‑IT tools are becoming mainstream. Its AI‑driven local agent lets users bypass corporate controls, raising fresh enterprise‑security questions. How should orgs respond to unauthorized software and shifting user permissions? Dive into the analysis. #OpenClaw #ShadowIT #AIAGENT #EnterpriseSecurity
🔗 https://aidailypost.com/news/openclaw-hits-160000-github-stars-shadow-it-becomes-new-normal
-
Adventures in Uptime: The Desk Production Server #13
You haven't known fear until you've been asked to "just reboot a PC" and discovered it's actually a production server that has lived under a desk for years.
"Enterprise-grade infrastructure" sometimes just means a desktop tower with a "Do Not Unplug" sticky note. 😅
The full story is available on my blog: https://alexnuttinck.dev/posts/adventures-in-uptime/13-the-desk-production-server/
-
Finding out the sales team spent millions on a server because, well, 'storage,' is exactly the kind of surprise that keeps tech folks on their toes.
Find out more in Episode 9 - Shadow IT Reports
https://youtube.com/shorts/WAvQlBR08UU
#podcast #tech #techlife #ithumor #shadowit #cybersecurity
Listen to our podcast on :
Spotify : https://open.spotify.com/show/7LqbtykS0IQctSCucvQVHW
Apple Music : https://podcasts.apple.com/us/podcast/it-horror-stories-with-jack-smith/id1812612272
YouTube : https://music.youtube.com/playlist?list=PL9A9yzpnkOdVQvmFjgTsZRrE-zDCuIVcX
Deezer : https://link.deezer.com/s/30dyH3RoKvN8N24zgsbhj -
You think your IT is under control, then suddenly realize half the business has their own secret apps running. Didn't see that coming, did you?
Find out more in Episode 9 - Shadow IT Reports
https://youtube.com/shorts/EL5FPj-xdLU
Spotify : https://open.spotify.com/show/7LqbtykS0IQctSCucvQVHW
Apple Music : https://podcasts.apple.com/us/podcast/it-horror-stories-with-jack-smith/id1812612272
YouTube : https://music.youtube.com/playlist?list=PL9A9yzpnkOdVQvmFjgTsZRrE-zDCuIVcX
Deezer : https://link.deezer.com/s/30dyH3RoKvN8N24zgsbhj -
Ever wondered what Shadow IT actually is? Think of it as business folks building their own secret solutions without telling IT. If you’re clueless, stay blessed—ignorance really is bliss in this case.
Find out more in our latest episode Shadow IT Reports, available now on all podcast networks and where-ever you get your panic attacks.
Spotify : https://open.spotify.com/show/7LqbtykS0IQctSCucvQVHW
Apple Music : https://podcasts.apple.com/us/podcast/it-horror-stories-with-jack-smith/id1812612272
YouTube : https://music.youtube.com/playlist?list=PL9A9yzpnkOdVQvmFjgTsZRrE-zDCuIVcX
Deezer : https://link.deezer.com/s/30dyH3RoKvN8N24zgsbhj -
📚 Frameworks
===================Executive summary: Ownerless or forgotten IT assets — orphaned physical/virtual servers, stale test environments, and inactive service accounts — represent persistent security, compliance, and cost risks. The core recommendation is to operationalize discovery, reconciliation, and lifecycle controls rather than relying on ad-hoc manual inventories.
Technical details:
• Orphaned servers: common after migrations, M&A, or expired projects; LetsEncrypt telemetry noted that in 2024 roughly half of renewal requests came from devices no longer associated with the domain (≈1,000,000 devices globally).
• Forgotten accounts: technical service accounts, contractor and non-personalized accounts that remain privileged despite inactivity.
• Detection components: an Automated Discovery and Reconciliation (AD&R) workflow that merges network scanning results and cloud inventory with the Configuration Management Database (CMDB), plus external vulnerability scans covering all public IP addresses.Analysis:
• Attack surface: exposed, unpatched services and privileged inactive accounts are common initial access vectors and persistence mechanisms.
• Operational gap: CMDBs are often stale or incomplete; cloud and network inventories live in silos, producing conflicting records that hide orphaned assets.Detection guidance:
• Consolidate inventories: correlate network scan outputs, cloud provider inventories, and CMDB records to flag mismatches and unassociated hosts.
• Directory hygiene: schedule regular Active Directory (or equivalent) analyses to list accounts with no activity over defined windows and enumerate assigned permissions.
• External scanning: scan all public IPs to identify exposed services and historical vulnerabilities that may have been patched on production but left open on forgotten assets.Mitigation and response:
• Decommissioning process: formalize documented steps that require verified data migration and certified data destruction prior to powering down, recycling, or repurposing hardware.
• Quarantine posture: until decommissioning is complete, move suspect servers into an isolated subnet to reduce exposure.
• Test environment controls: implement automated lifecycle policies to create and dismantle test environments based on project timelines or inactivity; enforce strict isolation and forbid use of real, non-anonymized production data.
• Identity controls: integrate an Identity and Access Management (IAM) solution to scale account lifecycle management, enforce least privilege, and automate removal of excessive permissions.Limitations and considerations:
• Inventory quality: AD&R effectiveness depends on the completeness of source inventories and on reliable CMDB data.
• Change management: organizational buy-in is needed for automated decommissioning and account removal policies.🔹 cmdb #iam #shadowIT #asset_management #letsEncrypt
🔗 Source: https://www.kaspersky.com/blog/forsaken-servers-apis-apps-accounts-find-and-protect/55036/
-
Google Opal is cool. Like dangerously cool.
No code AI mini apps mean employees can build powerful tools in minutes. That is innovation and also shadow AI, unclear data boundaries, and a lot of who approved this energy.
We break down what this means for privacy, governance, and B2B teams trying to keep up.
👉 https://medium.com/@biytelum/googles-opal-makes-ai-app-building-easy-that-is-exactly-why-it-deserves-a-privacy-conversation-8d5c2cab73ad
#GoogleOpal #DataPrivacy #AI #B2B #ShadowIT -
Google Opal is cool. Like dangerously cool.
No code AI mini apps mean employees can build powerful tools in minutes. That is innovation and also shadow AI, unclear data boundaries, and a lot of who approved this energy.
We break down what this means for privacy, governance, and B2B teams trying to keep up.
👉 https://medium.com/@biytelum/googles-opal-makes-ai-app-building-easy-that-is-exactly-why-it-deserves-a-privacy-conversation-8d5c2cab73ad
#GoogleOpal #DataPrivacy #AI #B2B #ShadowIT -
Google Opal lowers the barrier to building AI tools — fast.
As an experimental Google Labs product, it has no enterprise SLAs and limited security controls, and Google notes that a small subset of prompts may be reviewed.
For organizations, the risk isn’t innovation — it’s employee-built AI handling business or personal data without clear governance.
#GoogleOpal #GoogleLabs #DataPrivacy #Compliance #B2B #AI #ShadowIT -
Google Opal lowers the barrier to building AI tools — fast.
As an experimental Google Labs product, it has no enterprise SLAs and limited security controls, and Google notes that a small subset of prompts may be reviewed.
For organizations, the risk isn’t innovation — it’s employee-built AI handling business or personal data without clear governance.
#GoogleOpal #GoogleLabs #DataPrivacy #Compliance #B2B #AI #ShadowIT -
So very human, I can sympathize
-
Organizations struggle to manage shadow AI #artificialIntelligence #ShadowIT
https://betanews.com/2025/12/03/organizations-struggle-to-manage-shadow-ai/
-
Employees keep finding new ways around company access controls https://www.helpnetsecurity.com/2025/11/03/1password-access-trust-gap-report/ #Artificialintelligence #accesscontrol #cybersecurity #1Password #passwords #shadowIT #policy #report #News #SaaS
-
Shadow AI: New ideas emerge to tackle an old problem in new form https://www.helpnetsecurity.com/2025/10/31/shadow-ai-advice-solutions/ #Artificialintelligence #promptinjection #EyeSecurity #opensource #Don'tmiss #1Password #Hotstuff #shadowIT #survey #News #LLMs
-
Organizations struggle to manage AI and SaaS use safely #ArtificialIntelligence #ShadowIT
https://betanews.com/2025/10/30/organizations-struggle-to-manage-ai-and-saas-use-safely/
-
90% of employees use unsanctioned AI. Not only does that risk cybersecurity, but it also puts most companies' IP at risk.
#AI #shadowit #cybersecurity
https://fortune.com/2025/08/19/shadow-ai-economy-mit-study-genai-divide-llm-chatbots/ -
On paper, I am in no way qualified to replace my wife's employer's IT department.
But based on what I've personally experienced, neither are they.
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏
The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management
Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.
HD Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.
Key insights from our conversation:
• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had
• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days
• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls
• Traditional agent-based tools can't see what attackers see
#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.
📺 Watch the video: https://youtu.be/hkKJsKUugIU
🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story
➤ Learn more about RunZero: https://itspm.ag/runzero-5733
✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏
The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management
Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.
HD Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.
Key insights from our conversation:
• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had
• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days
• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls
• Traditional agent-based tools can't see what attackers see
#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.
📺 Watch the video: https://youtu.be/hkKJsKUugIU
🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story
➤ Learn more about RunZero: https://itspm.ag/runzero-5733
✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏
The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management
Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.
HD Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.
Key insights from our conversation:
• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had
• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days
• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls
• Traditional agent-based tools can't see what attackers see
#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.
📺 Watch the video: https://youtu.be/hkKJsKUugIU
🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story
➤ Learn more about RunZero: https://itspm.ag/runzero-5733
✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏
The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management
Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.
HD Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.
Key insights from our conversation:
• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had
• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days
• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls
• Traditional agent-based tools can't see what attackers see
#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.
📺 Watch the video: https://youtu.be/hkKJsKUugIU
🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story
➤ Learn more about RunZero: https://itspm.ag/runzero-5733
✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity
-
🎯 NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
🔔 Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 🙏
The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management
Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.
HD Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.
Key insights from our conversation:
• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had
• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days
• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls
• Traditional agent-based tools can't see what attackers see
#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.
📺 Watch the video: https://youtu.be/hkKJsKUugIU
🎧 Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 📖 Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story
➤ Learn more about RunZero: https://itspm.ag/runzero-5733
✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero
🎪 Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
#Cybersecurity #VulnerabilityManagement #AssetDiscovery #AttackSurface #BlackHatUSA #BHUSA25 #ShadowIT #SecurityVisibility #Metasploit #ZeroDay #tech #technology #cybersecurity
-
How is your organisation managing Shadow IT? Share your strategies or challenges below. Let’s co-create smarter, safer innovation frameworks. #ShadowIT #DigitalTransformationLeadership #CIOPriorities #ITGovernance #InnovationCulture #ITOperatingModel #EmergingTechnologyStrategy #EnterpriseSecurity #LeadershipInTech #DigitalRiskManagement
https://medium.com/@sanjay.mohindroo66/managing-shadow-it-policies-that-work-without-stifling-innovation-c68c893285d5 -
How is your organisation managing Shadow IT? Share your strategies or challenges below. Let’s co-create smarter, safer innovation frameworks. #ShadowIT #DigitalTransformationLeadership #CIOPriorities #ITGovernance #InnovationCulture #ITOperatingModel #EmergingTechnologyStrategy #EnterpriseSecurity #LeadershipInTech #DigitalRiskManagement
https://medium.com/@sanjay.mohindroo66/managing-shadow-it-policies-that-work-without-stifling-innovation-c68c893285d5 -
Employees are quietly bringing AI to work and leaving security behind https://www.helpnetsecurity.com/2025/07/11/organizations-shadow-ai-risk/ #Artificialintelligence #cybersecurity #ManageEngine #cyberrisk #shadowIT #report #survey #News #LLMs
-
Employees are quietly bringing AI to work and leaving security behind https://www.helpnetsecurity.com/2025/07/11/organizations-shadow-ai-risk/ #Artificialintelligence #cybersecurity #ManageEngine #cyberrisk #shadowIT #report #survey #News #LLMs
-
Employees are quietly bringing AI to work and leaving security behind https://www.helpnetsecurity.com/2025/07/11/organizations-shadow-ai-risk/ #Artificialintelligence #cybersecurity #ManageEngine #cyberrisk #shadowIT #report #survey #News #LLMs
-
Good luck to anyone tackling shadow AI. Most companies haven't yet managed to get shadow IT under control, and we are now presenting them with an even bigger problem.
#IT #shadowIT #shadowAI #AI
https://thehackernews.com/expert-insights/2025/07/shadow-ai-how-to-mitigate-hidden-risks.html -
The Differences and Similarities Between Shadow IT and BYOC – Source: securityboulevard.com https://ciso2ciso.com/the-differences-and-similarities-between-shadow-it-and-byoc-source-securityboulevard-com/ #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #CyberSecurityNews #SecurityAwareness #SecurityBoulevard #SocialFacebook #SocialLinkedIn #CloudSecurity #Cybersecurity #Security #shadowIT #SocialX #BYOC
-
Healthcare workers regularly upload sensitive data to GenAI, cloud accounts https://www.helpnetsecurity.com/2025/05/08/healthcare-workers-upload-sensitive-data-genai/ #cybersecurity #datasecurity #GenerativeAI #healthcare #dataleak #Netskope #shadowIT #report #survey #News
-
#Microsoft aktiviert #OneDrive-Sync mit privaten Konten – per Default.
Ein Klick, und Daten verlassen das Unternehmen.
Nur DisablePersonalSync hilft.
Info: https://bit.ly/4d8CfAc engl: https://bit.ly/4jVCyAZ
#ITSecurity #Gruppenrichtlinie #DSGVO #AdminAlarm #ShadowIT -
1Password macht ernst: Neue Plattform, KI-Sicherheit und ein Drata-Deal
#itsecurity #techupdate #1password #agenticai #zerotrust #saas #securityupdate #compliance #drata #shadowit
